VLAN
Virtual LAN Basics

[Figure: a single switch with ports E0–E3 and attached hosts; 4 collision domains, 1 broadcast domain]

• Network adds, moves, and changes are achieved by configuring a port into the appropriate VLAN.
• A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
• VLANs can enhance network security.
• VLANs increase the number of broadcast domains while decreasing their size.
Virtual LAN

[Figure: the same switch with ports E0–E3 split across two VLANs; 4 collision domains, 2 broadcast domains]

• A Layer 2 security mechanism
• Divides a single broadcast domain into multiple broadcast domains.
• By default, all ports of the switch are in VLAN 1. VLAN 1 is known as the administrative VLAN or management VLAN.
• VLANs can be created in the range 2 – 1001.
• Can be configured on a manageable switch only.
• 2 types of VLAN configuration:
  – Static VLAN
  – Dynamic VLAN
Static VLAN

• Static VLANs are based on port numbers
• Need to manually assign a port on a switch to a VLAN
• Also called port-based VLANs
• A port can be a member of a single VLAN only, not of multiple VLANs

Static VLAN on 2900 Series Switch

• Creation of a VLAN:
  Switch# vlan database
  Switch(vlan)# vlan <vlan id> name <vlan name>
  Switch(vlan)# exit
• Assigning a port to a VLAN:
  Switch# config t
  Switch(config)# int fastethernet <int no>
  Switch(config-if)# switchport mode access
  Switch(config-if)# switchport access vlan <vlan id>
• Verify using: Switch# show vlan
VLAN Creation – 1900 Series
Switch(config)# vlan <no>
Switch(config-vlan)# name <name>
Switch(config-vlan)# exit

VLAN Implementation
Switch(config)# interface <interface type> <interface no.>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <no>
Show Vlan – Before VLAN implementation

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    Default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
--More--
Switch#
Show Vlan – After VLAN implementation

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Fa0/22, Fa0/23, Fa0/24
10   sales                            active    Fa0/1, Fa0/3
20   mkt                              active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
--More--
Switch65#
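The two listings are the only evidence an auditor usually gets of how a switch's ports are split across VLANs, so the check worth automating is reading them back: every static port should appear under exactly one VLAN, and any user port still sitting in VLAN 1 (the administrative VLAN, where all ports start by default) is worth a second look. The parser below is an added example written for this page, not code from the slides or from Cisco; the sample text is the "after" listing re-typed as a constructed string, and the audit rules (one VLAN per port, flag ports in the management VLAN) are the slide's own statements turned into checks.

```python
import re
from collections import defaultdict

# Constructed sample: the "after VLAN implementation" listing from the slides,
# re-typed by hand (not captured from a live switch).
SHOW_VLAN_AFTER = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Fa0/22, Fa0/23, Fa0/24
10   sales                            active    Fa0/1, Fa0/3
20   mkt                              active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
--More--
"""

# A VLAN row starts with the VLAN id in column 1; continuation rows start with
# whitespace and carry only more port names for the VLAN started above.
ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
PORT_RE = re.compile(r"[A-Za-z]+\d+(?:/\d+)+")   # Fa0/1, Gi0/1, Gi1/0/24, ...


def parse_show_vlan(text):
    """Return {vlan_id: {"name": str, "status": str, "ports": [str, ...]}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("VLAN ", "----", "--More--")):
            continue
        m = ROW_RE.match(line)
        if m:
            vid, name, status, ports = m.groups()
            current = int(vid)
            vlans[current] = {"name": name, "status": status,
                              "ports": PORT_RE.findall(ports)}
        elif current is not None:
            vlans[current]["ports"].extend(PORT_RE.findall(line))
    return vlans


def port_key(port):
    """Numeric sort key so Fa0/10 follows Fa0/9 rather than Fa0/1."""
    return [int(n) for n in re.findall(r"\d+", port)]


def audit_static_vlans(vlans, management_vlan=1):
    """Two checks on a port-based (static) VLAN layout: a port listed under more
    than one VLAN (the slides say a static port belongs to exactly one, so this
    signals a mangled capture), and ports still sitting in the management VLAN,
    which the slides describe as VLAN 1 by default."""
    members = defaultdict(list)
    for vid, info in vlans.items():
        for port in info["ports"]:
            members[port].append(vid)
    multi = sorted((p for p, v in members.items() if len(v) > 1), key=port_key)
    in_mgmt = sorted(vlans.get(management_vlan, {"ports": []})["ports"], key=port_key)
    return {"multi_vlan_ports": multi, "ports_in_management_vlan": in_mgmt}


if __name__ == "__main__":
    parsed = parse_show_vlan(SHOW_VLAN_AFTER)
    for vid in sorted(parsed):
        print(vid, parsed[vid]["name"], parsed[vid]["ports"])
    print(audit_static_vlans(parsed))
```

On the sample listing the audit finds no port in two VLANs and reports the 22 ports that were never moved out of VLAN 1; in a real review those are the ports to either assign to a user VLAN or shut down.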
Dynamic VLAN

• Dynamic VLANs are based on the MAC address of a PC
• The switch automatically assigns the port to a VLAN
• Each port can be a member of multiple VLANs
• For dynamic VLAN configuration, software called VMPS (VLAN Membership Policy Server) is needed
Types of links/ports

• Access links
  – This type of link is part of only one VLAN, which is referred to as the native VLAN of the port.
  – Any device attached to an access link is unaware of VLAN membership: the device just assumes it is part of a broadcast domain and has no understanding of the physical network.
  – Switches remove any VLAN information from the frame before it is sent to an access-link device.
• Trunk links
  – Trunks can carry multiple VLANs.
  – A trunk link is a 100- or 1000-Mbps point-to-point link between two switches, between a switch and a router, or between a switch and a server. These carry the traffic of multiple VLANs, from 1 to 1005 at a time.
  – Trunking allows you to make a single port part of multiple VLANs at the same time.
VLAN Identification Methods (Frame Tagging)

• VLAN identification is what switches use to keep track of all those frames.
• It is how switches identify which frames belong to which VLANs, and there is more than one trunking method:
  – Inter-Switch Link (ISL)
  – IEEE 802.1Q
ISL
• Cisco proprietary
• Adds 30 bytes of encapsulation to each frame
• All VLAN traffic is tagged
• Works with Ethernet, Token Ring and FDDI
• The original frame is not modified (it is encapsulated)

IEEE 802.1Q
• Created by the IEEE as a standard method of frame tagging
• Open standard; can be used on switches from different vendors
• Works only on Ethernet
• Unlike ISL, 802.1Q does not encapsulate the frame; it modifies the existing Ethernet frame to include the VLAN ID
• Only a 4-byte tag is added to the original frame
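The two slides on access versus trunk links and on 802.1Q tagging describe one mechanism from two sides: the tag is what lets a trunk carry several VLANs, and stripping it is what keeps an access-link device unaware of VLANs. The following is an added example written for this page (not code from the slides or from any switch vendor) that builds the 4-byte 802.1Q tag at byte offset 12 of an Ethernet frame, removes it again, and then runs a broadcast through a small model of a switch with three access ports and one trunk. Two behaviours are assumptions rather than slide content: an access port in this model drops any frame that arrives tagged, and the trunk sends its native VLAN untagged. The port names and the Gi0/1 trunk are constructed to match the "sales" listing earlier on the page.

```python
import struct

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag
BROADCAST = b"\xff" * 6


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst(6) src(6) ethertype(2) payload. FCS omitted."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vlan_id, priority=0, dei=0):
    """802.1Q: insert a 4-byte tag after the source MAC (byte offset 12).
    Tag = TPID 0x8100 + TCI, where TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits).
    The rest of the frame is left as it was, unlike ISL's full encapsulation."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id out of range")
    if len(frame) >= 14 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        raise ValueError("frame already carries an 802.1Q tag")
    tci = (priority << 13) | (dei << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Return (vlan_id, frame_without_tag); vlan_id is None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Port:
    """Simplified access/trunk port. Assumptions (not from the slides): an access
    port drops any tagged frame it receives; a trunk sends its native VLAN untagged."""

    def __init__(self, mode, access_vlan=1, native_vlan=1, allowed=None):
        self.mode = mode                # "access" or "trunk"
        self.access_vlan = access_vlan  # access port: the one VLAN it belongs to
        self.native_vlan = native_vlan  # trunk: the VLAN carried without a tag
        self.allowed = allowed          # trunk: set of VLAN ids, None means all

    def ingress(self, frame):
        """Classify a received frame into a VLAN: (vlan_id, untagged_frame), or None to drop."""
        vid, bare = untag_frame(frame)
        if self.mode == "access":
            return None if vid is not None else (self.access_vlan, bare)
        if vid is None:
            vid = self.native_vlan
        if self.allowed is not None and vid not in self.allowed:
            return None
        return vid, bare

    def egress(self, vlan_id, bare):
        """Bytes to transmit for a frame in vlan_id, or None if this port is not in that VLAN."""
        if self.mode == "access":
            return bare if vlan_id == self.access_vlan else None   # tag removed
        if self.allowed is not None and vlan_id not in self.allowed:
            return None
        return bare if vlan_id == self.native_vlan else tag_frame(bare, vlan_id)


def flood(ports, in_port, frame):
    """Broadcast: deliver a frame received on in_port to every other port in its VLAN.
    Returns {port_name: bytes_on_the_wire}."""
    result = ports[in_port].ingress(frame)
    if result is None:
        return {}
    vid, bare = result
    out = {}
    for name, port in ports.items():
        if name != in_port:
            tx = port.egress(vid, bare)
            if tx is not None:
                out[name] = tx
    return out


def example_switch():
    """Constructed layout matching the 'sales' listing: Fa0/1 and Fa0/3 in VLAN 10,
    Fa0/2 left in VLAN 1, plus a hypothetical Gi0/1 802.1Q trunk with native VLAN 1."""
    return {"Fa0/1": Port("access", access_vlan=10),
            "Fa0/2": Port("access", access_vlan=1),
            "Fa0/3": Port("access", access_vlan=10),
            "Gi0/1": Port("trunk", native_vlan=1)}


if __name__ == "__main__":
    arp = build_frame(BROADCAST, bytes.fromhex("001122334455"), 0x0806, b"\x00" * 28)
    for name, wire in flood(example_switch(), "Fa0/1", arp).items():
        print(name, len(wire), "bytes, tag =", untag_frame(wire)[0])
```

A broadcast from the sales host on Fa0/1 reaches Fa0/3 unchanged, never reaches Fa0/2 in VLAN 1 (the isolation the first slide promises), and leaves Gi0/1 four bytes longer with VID 10 in the tag; the same frame from Fa0/2 crosses the trunk untagged because VLAN 1 is the trunk's native VLAN.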
Trunking Configuration – 2900 Series
Switch(config)# interface <interface type> <interface no.>
Switch(config-if)# switchport trunk allowed vlan {<vlan no.>|all}
Switch(config-if)# switchport trunk encapsulation {dot1q|isl}
Virtual LAN Trunking Protocol

• VTP is a Cisco proprietary protocol
• Used to share the VLAN configuration with multiple switches and to maintain consistency throughout that network.
• Information is passed only if the switches are connected through FastEthernet or higher ports.
• VTP allows an administrator to add, delete, and rename VLANs; that information is then propagated to all other switches in the VTP domain.
• Note: switches should be configured with the same domain. Domain names are not case sensitive.
VTP Modes

VTP modes are of three types:
• Server mode
  – A switch configured in server mode can add, modify, and delete VLANs
  – The default VTP mode for all switches
• Client mode
  – A switch configured in client mode cannot add, modify, or delete its VLAN configuration
  – Does not store its VLAN configuration information in NVRAM; instead, it learns it from the server every time it boots up
• Transparent mode
  – A switch configured in transparent mode can add, modify, and delete VLAN configurations. Changes on one transparent switch do not affect any other switch.
Benefits of VLAN Trunking Protocol (VTP)

• Consistent VLAN configuration across all switches in the network
• Accurate tracking and monitoring of VLANs
• Dynamic reporting of added VLANs to all switches in the VTP domain
• Plug-and-play VLAN adding
VTP Pruning
• Preserves bandwidth by reducing the amount of broadcast, multicast, and unicast traffic flooded across trunk links.
• VTP pruning only sends broadcasts to trunk links that truly must have the information.
• Enabling pruning on a VTP server enables it for the entire domain.
• By default, VLANs 2 through 1005 are pruning-eligible, but VLAN 1 can never be pruned because it is an administrative VLAN.
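To make the pruning rule concrete, the following added example (written for this page, not Cisco code) takes a constructed three-switch domain with its trunk links and the VLANs each switch has access ports in, and computes which VLANs still have to be flooded over each trunk. The model is a simplification of what VTP pruning negotiates between neighbours: a trunk carries a pruning-eligible VLAN only when switches on both sides of it have members in that VLAN, VLAN 1 is always carried, and VLANs outside the 2–1005 eligible range are treated as never pruned. The switch names, trunks and memberships are constructed, and the trunk topology is assumed to be a tree.

```python
PRUNE_ELIGIBLE = range(2, 1006)   # VLANs 2-1005 per the slides; VLAN 1 is never pruned


def side_of(trunks, start, excluded_link):
    """Switches reachable from `start` without crossing `excluded_link`.
    Assumes the trunk topology is a tree, so the excluded link splits it in two."""
    seen, stack = set(), [start]
    while stack:
        sw = stack.pop()
        if sw in seen:
            continue
        seen.add(sw)
        for a, b in trunks:
            if {a, b} == set(excluded_link):
                continue
            if sw == a:
                stack.append(b)
            elif sw == b:
                stack.append(a)
    return seen


def vlans_with_members(membership, switches):
    """Union of the VLANs that the given switches have access ports in."""
    return {v for sw in switches for v in membership.get(sw, ())}


def pruned_trunk_vlans(membership, trunks, pruning=True):
    """For each trunk (a, b), the set of VLANs whose flooded traffic still crosses it.
    Without pruning every VLAN in the domain is flooded over every trunk."""
    all_vlans = vlans_with_members(membership, membership) | {1}
    result = {}
    for a, b in trunks:
        if not pruning:
            result[(a, b)] = set(all_vlans)
            continue
        left = vlans_with_members(membership, side_of(trunks, a, (a, b)))
        right = vlans_with_members(membership, side_of(trunks, b, (a, b)))
        carried = {1}                                  # administrative VLAN, never pruned
        for v in all_vlans:
            if v not in PRUNE_ELIGIBLE or (v in left and v in right):
                carried.add(v)
        result[(a, b)] = carried
    return result


# Constructed domain: SW1 has ports in VLANs 10 and 20, SW2 only in 10, SW3 only in 30,
# linked in a chain SW1 - SW2 - SW3.
MEMBERSHIP = {"SW1": {10, 20}, "SW2": {10}, "SW3": {30}}
TRUNKS = [("SW1", "SW2"), ("SW2", "SW3")]

if __name__ == "__main__":
    for label, flag in (("without pruning", False), ("with pruning", True)):
        print(label)
        for link, vlans in pruned_trunk_vlans(MEMBERSHIP, TRUNKS, pruning=flag).items():
            print("  %s-%s carries %s" % (link[0], link[1], sorted(vlans)))
```

In this layout pruning leaves only VLANs 1 and 10 on the SW1–SW2 trunk (VLAN 20 has no members beyond SW1, VLAN 30 none beyond SW3) and nothing but VLAN 1 on the SW2–SW3 trunk, which is the bandwidth the slide says pruning preserves.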
VTP Configuration – 2950 Series
Switch(config)# vtp domain <name>
Switch(config)# vtp password <password>
Switch(config)# vtp mode {server|client|transparent}
Switch(config)# vtp pruning
VTP Configuration – 1900 Series
Switch# vlan database
Switch(vlan)# vtp domain <name>
Switch(vlan)# vtp password <password>
Switch(vlan)# vtp mode {server|client|transparent}
Switch(vlan)# vtp pruning